Secure Coding Basics Quiz

SQL injection is a security threat where attackers exploit vulnerabilities in an application's input fields by inserting harmful SQL code. This can lead to unauthorized access, data manipulation, or even data breaches, allowing attackers to control the database and compromise sensitive information. It highlights the importance of input validation and secure coding practices.

Parameterized queries or prepared statements separate SQL code from data input, ensuring that user inputs are treated as data rather than executable code. This significantly reduces the risk of SQL injection attacks, as it prevents malicious users from manipulating the SQL query structure through crafted inputs.

Cross-site scripting (XSS) is a security vulnerability that allows attackers to inject malicious JavaScript code into web pages viewed by users. This code can then execute in the context of the user's browser, potentially compromising sensitive data, session cookies, or leading to further attacks, making JavaScript a primary vector for XSS exploits.

Input validation is a security measure that ensures only properly formatted and expected data is accepted by an application. By checking user inputs against predefined criteria, it helps prevent harmful data, such as SQL injections or scripts, from compromising the application's integrity and security. This protection is essential for maintaining a safe and reliable system.

Using weak passwords, even with frequent changes, poses significant security risks. Weak passwords are easier for attackers to guess or crack, regardless of how often they are updated. Strong, unique passwords are essential for protecting sensitive information and maintaining overall security, making reliance on weak passwords unacceptable.

AES-256 encryption is widely regarded as secure for protecting sensitive data at rest due to its use of a 256-bit key, which offers a high level of security against brute-force attacks. It is a symmetric encryption standard that is both efficient and strong, making it suitable for safeguarding sensitive information.

A buffer overflow attack occurs when a program writes more data to a buffer than it can hold, leading to adjacent memory being overwritten. This vulnerability arises in programs that fail to validate or limit the size of input data, allowing attackers to manipulate memory and potentially execute arbitrary code.

Using HTTPS instead of HTTP primarily enhances security by encrypting the data exchanged between the client and server. This encryption protects sensitive information from being intercepted by malicious actors during transmission, ensuring confidentiality and integrity of the data being communicated.

Storing passwords in plaintext is insecure because it exposes users' sensitive information to potential breaches. If a database is compromised, attackers can easily access and misuse these passwords. Instead, passwords should be hashed and salted, ensuring that even if data is stolen, the actual passwords remain protected and difficult to retrieve.

Validating all user input helps prevent injection attacks by ensuring that data meets expected formats and types. Implementing proper error handling protects sensitive information by avoiding the disclosure of system details during failures. Both practices enhance application security by addressing potential vulnerabilities.

Authentication involves the confirmation of a user's identity, ensuring that they are indeed who they assert to be. This process typically includes the use of credentials, such as passwords or biometrics, to validate the user's identity before granting access to systems or information.

The principle of least privilege ensures that users are granted only the permissions necessary to perform their job functions. This minimizes the risk of accidental or malicious actions that could compromise system security, as it limits access to sensitive information and resources, thereby enhancing overall security posture.